asp.net 默认授权不带 [Authorize]

编程问答 2022-04-27

问题描述

我有一个 asp.netcore .net 5 应用程序。

我已获得使用控制器端点上方的 [Authorize] 属性的授权。

如何在不使用 [Authorize] 属性的情况下使其使用授权?以下是我设置授权的方式:

我在 ConfigureServices 有这个:

public void ConfigureServices(IServiceCollection services)
{...
        FirebaseApp.Create(new AppOptions()
        {
            Credential = GoogleCredential.FromFile("firebase_admin_sdk.json"),});

        services
        .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
        .AddJwtBearer(options =>
        {
            options.Authority = "https://securetoken.google.com/vepo-xxx";
            options.TokenValidationParameters = new TokenValidationParameters
            {
                ValidateIssuer = true,Validissuer = "https://securetoken.google.com/vepo-xxx",ValidateAudience = true,ValidAudience = "vepo-xxx",ValidateLifetime = true
            };
        });
...}

在我 Configure 中:

public void Configure(IApplicationBuilder app,IWebHostEnvironment env,VepoContext context,ISearchIndexService searchIndexService)
{...
    app.UseAuthentication();
    app.UseAuthorization();
...}

解决方法

请参阅 Require authenticated users 的文档。您可以向所有控制器添加 RequireAuthenticatedUser()

public void ConfigureServices(IServiceCollection services)
{

    ...

    services.AddControllers(config =>
    {
        // using Microsoft.AspNetCore.Mvc.Authorization;
        // using Microsoft.AspNetCore.Authorization;
        var policy = new AuthorizationPolicyBuilder()
                         .RequireAuthenticatedUser()
                         .Build();
        config.Filters.Add(new AuthorizeFilter(policy));
    });
.net-5asp.netasp.net-authorizationasp.net-coreasp.net5